WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: check parent and revision ids match before retrieving revision. 

Adds a condition to check that parent id matches revision parent id in `WP_REST_Revisions_Controller` `get_item` method.

Props ramonopoly, adamsilverstein, danielbachhuber, spacedmonkey, andrewserong.
Fixes #59875.

Built from https://develop.svn.wordpress.org/trunk@57222


git-svn-id: http://core.svn.wordpress.org/trunk@56728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
isabel_brison 2023-12-22 02:12:21 +00:00
parent 45c67f7f11
commit 6e1fe93a1c
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
View File

@ -387,6 +387,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
* Retrieves one revision from the collection. * Retrieves one revision from the collection.
* *
* @since 4.7.0 * @since 4.7.0
* @since 6.5.0 Added a condition to check that parent id matches revision parent id.
* *
* @param WP_REST_Request $request Full details about the request. * @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
@ -402,6 +403,15 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
return $revision; return $revision;
} }
if ( (int) $parent->ID !== (int) $revision->post_parent ) {
return new WP_Error(
'rest_revision_parent_id_mismatch',
/* translators: %d: A post id. */
sprintf( __( 'The revision does not belong to the specified parent with id of "%d"' ), $parent->ID ),
array( 'status' => 404 )
);
}
$response = $this->prepare_item_for_response( $revision, $request ); $response = $this->prepare_item_for_response( $revision, $request );
return rest_ensure_response( $response ); return rest_ensure_response( $response );
} }

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.5-alpha-57221'; $wp_version = '6.5-alpha-57222';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.